I have a subscription-based app, charged on the basis of the number of users added.
I want to restrict users to a single session.
How do I implement it? I am using Devise for authentication.
Thanks.
There is a Devise extension with session limit support:
https://github.com/phatworx/devise_security_extension
Related
I have a user, community and post type where a community can have multiple users and posts. The posts have an attribute called "visibility"; if the visibility value is "private", only the users of that community can see the posts. If the visibility is "public", every user can see the post. Is it possible to accomplish this using Amplify and Cognito? How?
Cognito has groups. You can create groups and add users into these groups. When your user authenticates they get a token, and the claims on that token can be used to confirm which groups they belong to.
Cognito Groups are really useful for controlling access to things like admin APIs with an 'admin' group. However, if you're creating lots of groups or adding users in and out regularly, I would recommend implementing an application-level feature (i.e. manage this in your database).
Cognito isn't as scalable as your application persistence is likely to be. It can be a bit slow and it doesn't come with nice features for managing your groups.
So yes, it's possible to manage in Cognito, but I would recommend doing it with a database of some sort.
I'm exploring the WSO2 Identity server as a possible solution for a requirement we have.
We manage a lot of accounts, and every account has its own admin users, users & roles.
We have a set of available permissions which is shared between all accounts, and (permissible) users can create new users, roles, attach roles to users etc.
But, the Users / Roles must be separated between the different accounts.
Also, accounts can be created / modified during run time.
What is the best practice to achieve this using the WSO2 IS? Maintaining User store per account? Using multi-tenancy?
I'm all over the WSO2 docs and can't seem to find a recommended solution to this requirement.
Thanks!
AFAIK it is better to go with multi-tenancy. There you can create multiple tenants for each group and have an admin user/users/permission/roles specific to that particular group.
I'm using Rails 3.2.11 with Devise 2.2.3 for a subscription service application. I inherited the app from another developer who is no longer available. I am new to Rails and Devise.
I want to allow a single user (email) to have more than one session to the same app, running concurrently. The sessions may all have the same IP address or different IP addresses, though probably different devices -- desktop, laptop, tablet, smart phone.
I want to treat each session independently, so the user can sign on and off one session without affecting any work in progress on another session.
Question: Does devise support multiple concurrent sessions normally? Do I have to customize any code or config?
When I look at the User model, I see single attributes for "current_sign_in_at", "current_sign_in_ip" and "authentication_token" -- this makes me think a single User can only have one session at a time.
I've looked at this discussion and at the devise wiki but haven't found an answer.
Yes, Devise allows multiple concurrent sessions for the same user by default. Then, if you want to restrict this behavior, you need to use some extension like: devise_security_extension
I'm using Rails 3.2.17 with Devise 3.2.2
I'm using devise on Rails 4.0. I need non-login users, that is, people who are considered part of a team but never need to log in or interact with the app, they just get emails, appear in different lists and so on (in the future, however, they can potentially become users).
Ways I'm guessing how to do it are to:
programmatically add them, then -
possibly generate the devise views so I can alter them for non-login users?
write the controller to block non-login users?
I need to know what would be the basic steps for implementing non-login users.
I want to use Devise's tokens to support logging in/out in multiple clients at once. The problem is that today there's only one authentication token per user.
With today's Devise I can:
1. Use the same token for all clients.
2. Reset the token on every login (and lose the login on other devices).
What I want is the ability to create multiple tokens (one for each client). Does Devise have that option? Is there any other plugin?
Thanks,
I solved it and wrote my solution in my blog: http://www.refaelos.com/post/20664288136/multiple-token-authentication-with-devise-redis?2c914400
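The two requirements raised on this page, one token per client and a limit of one session per user, can be modelled by the same registry. The Ruby below is an added example, not code from Devise, devise_security_extension or the linked blog post; `SessionRegistry` and its method names are hypothetical, and the in-memory Hash stands in for a database table or Redis.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Added example: per-client session tokens with an optional per-user limit.
# SessionRegistry and its method names are hypothetical, not Devise API.
# State lives in a Hash here; a real app would use a table or Redis.
class SessionRegistry
  # max_sessions: nil = unlimited concurrent clients, 1 = single session.
  def initialize(max_sessions: nil)
    @max = max_sessions
    @sessions = {} # user_id => { client_id => SHA-256 hex digest of token }
  end

  # Issue a fresh random token for this client and return it once.
  # Only the digest is stored, so a leaked store does not yield usable tokens.
  def sign_in(user_id, client_id)
    token = SecureRandom.urlsafe_base64(32)
    clients = (@sessions[user_id] ||= {})
    clients.delete(client_id)            # re-login moves the client to newest
    clients[client_id] = digest(token)
    # Ruby hashes keep insertion order, so shift drops the oldest session.
    clients.shift while @max && clients.size > @max
    token
  end

  # True only if the token matches what was issued to this exact client.
  def valid?(user_id, client_id, token)
    stored = @sessions.dig(user_id, client_id)
    return false unless stored && token.is_a?(String)
    OpenSSL.secure_compare(stored, digest(token)) # constant-time comparison
  end

  # Revoke one client's token; the user's other clients stay signed in.
  def sign_out(user_id, client_id)
    clients = @sessions[user_id]
    !!(clients && clients.delete(client_id))
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

With `max_sessions: 1` a new sign-in invalidates the previous client's token, which is the single-session behaviour; with the default, each client is signed out independently.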